COA插件
功能说明
安全云脑系统内置插件,可调用CloudTIC(华为云内置情报中心)进行威胁情报验证。
插件执行函数intelligence参数说明
函数功能:调用CloudTIC(华为云内置情报中心),进行威胁情报验证。
函数输入参数说明:
| 参数名称 | 参数类型 | 参数描述 | 是否必填 |
|---|---|---|---|
| type | String | 查询威胁情报对象的数据类型。取值范围:ip、domain、url、file;仅支持小写,不支持其他取值。 | 是 |
| data | String | 查询对象的值,与“type”对应;例如“type”为ip时填写待查询的IP地址(如下方输出示例中的8.8.8.8)。 | 是 |
| exclude | String | 可根据实际使用场景,从返回的威胁情报查询结果中排除指定的参数信息。如需排除多个参数,参数之间请用逗号分隔,且不能包含空格。 | 否 |
| field | String | 用于指定查询的文件字段。仅当“type”取值为“file”时,该参数才会生效。 | 否 |
| language | String | 查询结果的响应语言。取值范围:zh或en;仅支持小写,不支持其他取值。其中zh表示查询结果显示语言为简体中文,en表示查询结果显示语言为英语。 | 否 |
函数输出参数说明:
| 参数名称 | 参数类型 | 参数描述 |
|---|---|---|
| header | Object | 查询威胁情报信息所返回响应结果的header,包含请求和响应的基本信息,如请求时间、响应服务、请求Id等。注意:下方输出示例中该字段的键名为“headers”,在剧本中引用时请以实际返回结果中的键名为准。 |
| code | Int | 状态码,表明请求是否成功。“code”取值示例见下方输出示例(示例中为200)。 |
| body | Object | 接口返回参数的具体内容,包含情报的详细信息。 |
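函数intelligence输出示例
说明:本示例查询的对象是IP 8.8.8.8,其“indicator.verdict”为“white”、“labels”包含“Whitelist”,而“samples”中仍列出了带有“malware_type”的样本记录。编写剧本判定逻辑时,建议优先参考“indicator”中的“verdict”、“severity”、“confidence”字段,而不是仅凭“samples”是否为空来判定;示例中取值为-1的字段(如“size”、“incident_count”、“p_dns_count”)看起来表示无有效数据,具体含义请以官方说明为准。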
{
"headers": {
"Transfer-Encoding": "chunked",
"X-Frame-Options": "SAMEORIGIN",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
"Cache-Control": "no-cache, no-store, max-age=0, must-revalidate",
"Server": "api-gateway",
"X-Request-Id": "9262f8cb6bc542583288f9da5c486b68",
"X-Content-Type-Options": "nosniff",
"Connection": "keep-alive",
"X-Download-Options": "noopen",
"X-XSS-Protection": "1; mode=block;",
"Date": "Sun, 04 Jan 2026 06:40:17 GMT",
"Content-Type": "application/json"
},
"code": 200,
"body": {
"indicator": {
"severity": "info",
"pattern_type": "STIX",
"created": "2025-12-09T06:17:42+08:00",
"confidence": 75,
"pattern": "[ipv4-addr:value = '8.8.8.8']",
"pattern_version": "2.1",
"description": "",
"valid_from": null,
"source": "ThreatBook Labs",
"revoked": false,
"labels": ["Gateway", "Whitelist", "CDN", "GoogleCloud"],
"extensions": "",
"valid_until": null,
"verdict": "white",
"defanged": false,
"name": "8.8.8.8",
"modified": "2025-12-30T05:49:44+08:00",
"kill_chain_phases": [],
"suggested_of_coa": "",
"value": "",
"external_references": []
},
"rdns_list": [{
"severity": null,
"update_time": "2023-11-22 00:00:00",
"first_time": "2023-11-22 00:00:00",
"domain": "dns.google",
"labels": null
}],
"ip": "8.8.8.8",
"r_dns_count": 1,
"ports": [],
"certs": [],
"samples": [{
"severity": "",
"sha256": "766c9a7d7dda6fadde2b6a53e799e684a7fa6ca4283211bb82ee6d9186b8e1d6",
"size": -1,
"file_type": "",
"scan_time": "2021-12-16 05:25:33",
"malware_type": "Exploit",
"ratio": "17/26",
"labels": [],
"malware_family": "RpcDcom"
}, {
"severity": "",
"sha256": "f4c11cd3f6839a2dcc0116096ddc0e4b88663d77cc01cc6950346229feaec19a",
"size": -1,
"file_type": "",
"scan_time": "2021-12-16 05:01:43",
"malware_type": "Exploit",
"ratio": "15/26",
"labels": [],
"malware_family": "RpcDcom"
}, {
"severity": "",
"sha256": "fead0503da6a6e4485145934796477fad833c5d5b09931820f2409f765131262",
"size": -1,
"file_type": "",
"scan_time": "2021-12-15 21:57:14",
"malware_type": "Exploit",
"ratio": "15/26",
"labels": [],
"malware_family": "RpcDcom"
}, {
"severity": "",
"sha256": "640ce798beefff6623b30c249dd326f8c2b610617dd8899e7413a5cf89c417e9",
"size": -1,
"file_type": "",
"scan_time": "2021-12-15 20:40:59",
"malware_type": "Trojan",
"ratio": "7/26",
"labels": [],
"malware_family": "ArkeiStealer"
}, {
"severity": "",
"sha256": "113731e6949d9073227f3e90634fe990f2e6c65bb365d7d8d573f9b8a0aa7c41",
"size": -1,
"file_type": "",
"scan_time": "2021-12-15 15:45:50",
"malware_type": "TrojanDownloader",
"ratio": "12/26",
"labels": [],
"malware_family": "Upatre"
}, {
"severity": "",
"sha256": "efc3fd87e545269899893e663a3238489cf1420cfb468725fb8f9258218a1d8b",
"size": -1,
"file_type": "",
"scan_time": "2021-12-15 15:21:41",
"malware_type": "Exploit",
"ratio": "18/26",
"labels": [],
"malware_family": "RpcDcom"
}, {
"severity": "",
"sha256": "fc3e34af64170a6014390ae1f79b2b908ce3bd193c3961830dbca0abb50d721a",
"size": -1,
"file_type": "",
"scan_time": "2021-12-15 13:35:32",
"malware_type": "Exploit",
"ratio": "17/26",
"labels": [],
"malware_family": "RpcDcom"
}, {
"severity": "",
"sha256": "710bb81b2788e3b27ed3da4d267aca39c03aceedeb94bfb936554ae4c05d0fc3",
"size": -1,
"file_type": "",
"scan_time": "2021-12-15 12:24:59",
"malware_type": "Virus",
"ratio": "13/26",
"labels": [],
"malware_family": "Nabucur"
}, {
"severity": "",
"sha256": "773e1d44eb73384586f914b721a2477bf680015cb348ff2509c1e6f703aad0c7",
"size": -1,
"file_type": "",
"scan_time": "2021-12-15 07:04:24",
"malware_type": "Exploit",
"ratio": "13/26",
"labels": [],
"malware_family": "RpcDcom"
}, {
"severity": "",
"sha256": "ebf64359a67e9a5cc03a4e043be229d5f7592ecd73fecfbf84b37420871daee8",
"size": -1,
"file_type": "",
"scan_time": "2021-12-15 05:48:09",
"malware_type": "Trojan",
"ratio": "7/26",
"labels": [],
"malware_family": "Kryptik"
}, {
"severity": "",
"sha256": "4844e668a5365f661cb9d31108607d79aa3293ef7ba5809d86c0f25144f216e9",
"size": -1,
"file_type": "",
"scan_time": "2021-12-15 03:12:20",
"malware_type": "",
"ratio": "0/26",
"labels": [],
"malware_family": ""
}, {
"severity": "",
"sha256": "40be281fc46b001a18bc803e060cdfad6205af17f2d9159b1cd447b5548c4c54",
"size": -1,
"file_type": "",
"scan_time": "2021-12-15 00:10:12",
"malware_type": "Worm",
"ratio": "13/26",
"labels": [],
"malware_family": "Cambot"
}, {
"severity": "",
"sha256": "a82e711c4ac0b7c3623d6e051df24974d0da6d0c160900e45fdae72f6a324922",
"size": -1,
"file_type": "",
"scan_time": "2021-12-14 23:54:08",
"malware_type": "Exploit",
"ratio": "15/26",
"labels": [],
"malware_family": "RpcDcom"
}, {
"severity": "",
"sha256": "eff05ab783988a91d98193913f414dd4db67d6d0c00251316f6304922af3e956",
"size": -1,
"file_type": "",
"scan_time": "2021-12-14 23:43:57",
"malware_type": "Worm",
"ratio": "18/26",
"labels": [],
"malware_family": "Brontok"
}, {
"severity": "",
"sha256": "b56c8a9cedd802e7e7a2d2d3755884925c1ee83899dce4ca2f4f09fd45a770bc",
"size": -1,
"file_type": "",
"scan_time": "2019-03-08 00:24:07",
"malware_type": "Backdoor",
"ratio": "17/26",
"labels": [],
"malware_family": "Zegost"
}, {
"severity": "",
"sha256": "219f6a9e24bc885b6e7a1b36fb19c194e0c5f3f71130133058af90d178ee28e3",
"size": -1,
"file_type": "",
"scan_time": "2018-08-13 13:15:59",
"malware_type": "Backdoor",
"ratio": "19/26",
"labels": [],
"malware_family": "PcClient"
}, {
"severity": "",
"sha256": "bc07c1c35f4515705677abbe787e6d7b0c2413a147a4a02bc914d969ba7fd984",
"size": -1,
"file_type": "",
"scan_time": "2015-09-29 03:00:56",
"malware_type": "",
"ratio": "0/26",
"labels": [],
"malware_family": ""
}, {
"severity": "",
"sha256": "28f730de9f9aa6db670206c04e5b49135fab8d4d7a0577dfc345d6f7cdcddfb8",
"size": -1,
"file_type": "",
"scan_time": "2015-09-25 03:07:10",
"malware_type": "",
"ratio": "7/26",
"labels": [],
"malware_family": ""
}, {
"severity": "",
"sha256": "2a2309ae0b6205d00b00958ae57494d3bf17643e4565df5d4ef9738bfe0b9037",
"size": -1,
"file_type": "",
"scan_time": "2015-09-25 03:00:06",
"malware_type": "",
"ratio": "7/26",
"labels": [],
"malware_family": ""
}, {
"severity": "",
"sha256": "8e000438703c8d66d02ef8009c0ac4a787381d9ad3b72ef58eb8151adc9c6473",
"size": -1,
"file_type": "",
"scan_time": "2015-09-25 01:33:38",
"malware_type": "",
"ratio": "5/26",
"labels": [],
"malware_family": ""
}],
"incident_count": -1,
"p_dns_count": -1,
"hardware_platforms": "",
"location": {
"country": "United States",
"street_address": "",
"city": "",
"latitude": 39.765053,
"precision": 0,
"administrative_area": "",
"region": "",
"postal_code": "",
"longitude": -101.40791
},
"pdns_list": [],
"asn": {
"number": 15169,
"isp": "Google LLC",
"name": "GOOGLE",
"rank": "4",
"rir": ""
}
}
}